You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "David J. M. Karlsen (JIRA)" <ji...@apache.org> on 2018/06/22 11:46:00 UTC
[jira] [Commented] (CXF-7753) Support
draft-cavage-http-signatures-09 OOTB
[ https://issues.apache.org/jira/browse/CXF-7753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16520276#comment-16520276 ]
David J. M. Karlsen commented on CXF-7753:
------------------------------------------
We'll have a go at this and get back with a PR.
> Support draft-cavage-http-signatures-09 OOTB
> --------------------------------------------
>
> Key: CXF-7753
> URL: https://issues.apache.org/jira/browse/CXF-7753
> Project: CXF
> Issue Type: New Feature
> Components: JAX-RS Security
> Reporter: David J. M. Karlsen
> Priority: Major
>
> It would be nice to support http signing signatures:
> https://tools.ietf.org/html/draft-cavage-http-signatures-09
> It will probably increase in popularity as it's part of PSD2 security:
> https://www.stet.eu/assets/files/PSD2/API-DSP2-STET_V1.2.3_final.pdf
> I've found a library which could be used: https://github.com/mbarbero/http-messages-signing
> either making the integration in that library, or providing a cxf component using parts of it for the signing part.
> By doing this validation of incoming requests, as well as signing of outgoing reqs could be handled transparently by either an interceptor, or maybe more vanilla, a JAX-RS filter.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)